From: Pritha Srivastava <prsrivas@redhat.com>
Date: Mon, 16 Oct 2023 08:10:10 +0000 (+0530)
Subject: rgw/sts: fix for wrong certificate getting picked during
X-Git-Tag: v20.0.0~1177^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1bd56a7312611b061ffb46efc97ac0804cd7a4d8;p=ceph.git

rgw/sts: fix for wrong certificate getting picked during
validation of a web token signature.

A boolean flag is incorrectly set to true outside the 'if'
statement, which causes an incorrect cert to be picked.

fixes: https://tracker.ceph.com/issues/54562

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
---

diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
index 6df53f612cde..dbe4994cfa52 100644
--- a/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@ -384,7 +384,6 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec
                found_valid_cert = true;
                break;
               }
-              found_valid_cert = true;
             }
             if (! found_valid_cert) {
               ldpp_dout(dpp, 0) << "Cert doesn't match that with the thumbprints registered with oidc provider: " << cert.c_str() << dendl;